Permissions for shared libraries in Kerberos
Robbie Harwood
rharwood at redhat.com
Wed Nov 18 15:37:42 EST 2020
Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
> I have been working on packaging up our Kerberos code into a RPM (to
> upgrade our ancient dusty old Kerberos RPMs), and I had been running
> into a problem where shared library dependencies were not being
> processed properly. More specifically, the executables were saying,
> "hey, I depend on libkrb5.so(FOO)", but the RPM wouldn't ever figure
> out the shared library PROVIDED "libkrb5.so(FOO)", so you'd get a
> bunch of unresolved dependencies. We had this same problem with our
> ancient old dusty Kerberos RPMs, but I wanted to fix this correctly
> for once.
>
> Fast forward a distressingly large number of late-night hours later
> digging into the guts of RPM, the reason for this is simple. The
> automatic dependency scripts only extract symbols from shared
> libraries if they have the execute bit set, and MIT Kerberos installs
> all of the shared libraries as mode 644.
Fedora seems to take care of this transparently - I don't have any
special logic to mark them executable.
Thanks,
--Robbie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20201118/c33bf5cc/attachment.bin
More information about the krbdev
mailing list